Despite their critical importance to the Government, the operations of many organisations in the power sector are not always totally safe. In order to ensure their safety, the Ministry has Power has formulated multiple guidelines. If adhered to strictly, these can safeguard web application servers of the power companies from getting hacked. Radius Synergies has taken care to ensure that its Xenius system meets all these guidelines.
- The Ministry of Power has set in place various guidelines for the power sector utilities in order to safeguard their web application servers from hackers.
- Any remote access traffic such as Remote Desk Protocol (RDP) and Secure Shell Protocol (SSH) must be tunnelled and encrypted.
- Every application, service and web application running must be analysed and given least privileges to safeguard the servers.
- All the server log files, WAF logs and Security event logs must be thoroughly analysed to detect and stop suspicious behaviour on the server and network
Among the largest in the world, the power sector in the country is highly critical for the Government. Unfortunately, however, the web application servers used by many power sector organisations are not always 100 per cent safe. These are prone to hacking that can result in hurting the country’s economy, besides creating restlessness among citizens. Keeping these key factors in mind, the Ministry of Power has set in place various guidelines for the power sector utilities in order to safeguard their web application servers from hackers. Radius Synergies International takes pride in the fact that its Xenius system meets all the compliances required by the MOP. Some of these guidelines have been discussed below:
- Isolation of Networks: Physical isolation of Operational Technology (OT) and Information Technology (IT) networks is required by all SLDCs and power corporations.
- Switch Off unnecessary functionality: Any feature or functionality that is not used by the web application must be uninstalled or switched off.
- Limit and Secure Remote Access: Access to the web server locally must be given to a very few administrators. Any remote access traffic such as Remote Desk Protocol (RDP) and Secure Shell Protocol (SSH) must be tunnelled and encrypted.
- Use accounts with limited Privileges: The privileges assigned to database account must be minimised. Access rights like DBA or Admin should not be provided to application accounts. It is safer for an administrator to have different accounts for different tasks.
- Permissions and Privileges: Every application, service and web application running must be analysed and given least privileges to safeguard the servers. Servers must be properly configured to prevent unauthorised access and directory listing.
- Segregate Development, Testing and Live Environments: All the development and testing is done in a staging environment. Once the development and testing is done, the administrator must apply changes to the live environment and also make sure that these changes to the web application should not pose any security risks.
- Install Security Patches: All the security patches should have the latest versions of that particular software.
- Enable and Monitor Logs: Properly configured Web Application Firewall (WAF) should be deployed. All the server log files, WAF logs and Security event logs must be thoroughly analysed to detect and stop suspicious behaviour on the server and network.
- Backup: The website data must be properly backed up and secured using an encrypted medium.
- Audit: The web application and its IT infrastructure must go through regular security auditing and Vulnerability Assessment and Penetration Testing (VAPT) must be carried out by an authorized auditing agency.